Companies have immense potential with our data, which they can use to develop products and applications. At the same time, they must also take responsibility and protect our data. Our author sheds light on the challenges that modern data protection in the company must meet and become a success factor.

Most organisations are currently dealing with the question of how to get more benefit from their data. New life is being breathed into data thanks to artificial intelligence. It is easy for machine learning algorithms to discover patterns hidden in the data that are superior to our business rules and human intuition.

If only there weren’t privacy issues…

Before companies can tap into this untapped business potential, a number of challenges must be overcome. One of the biggest hurdles is dealing with data protection in accordance with the law. For example, the legal basis in Switzerland and abroad has been adapted in recent years. This fills the legislative vacuum, because entire industries have grown out of the ground in the last twenty years, whose business models are mainly based on the uncontrolled exploitation of our data. But the times of unbridled data gold rush are slowly coming to an end. Because as Tim Cook, the CEO of Apple, said: “If a business is built on misleading users, on data exploitation, on choices that are no choices at all , then it does not deserve our praise. It deserves reform.”

“If a business is built on misleading users, on data exploitation, on choices that are no choices at all , then it does not deserve our praise. It deserves reform.” Tim Cook, CEO Apple

The General Data Protection Regulation has governed data protection within the EU since 2018. Violations of the basic regulation entail large financial penalties. The list of penalised companies reads like a “Who’s Who” of the digital world and can be found in one of the enforcement trackers[1]. Google alone has been fined a total of 160 million euros in the last nine months in France and Spain. In Switzerland, the new data protection law will come into force in September next year and many companies have been preparing for the adjustments for some time. The law protects the privacy of us citizens and grants them, among other things, the right to decide how their data may be processed by companies outside of its original purpose. The legal interpretation of data protection leads to many uncertainties within an organisation that wants to remain compliant, to delays in decisions about data use and to a balancing act between the need to be innovative and compliant at the same time. However, the impact of data protection goes beyond legal compliance and has become a basic feature of customer satisfaction. It is assumed by customers and if it is missing, it results in a breach of trust, which also has a direct impact on the business relationship. Certain companies, such as Apple, even go a step further with data protection and actively use it as a differentiating factor against the competition, as the commercial below shows well:

Investing in data protection

The fact that data protection has become a business imperative for companies around the world and a critical component of customer trust has led to a more than doubling of the average data protection budget worldwide in the last two years, Figure 1.[3]Data protection is one of the most important elements of a company’s business strategy

Fig. 1: Spending on data protection (Source: Cisco)

Although investment in data protection has risen sharply, many institutions still insufficiently focus their efforts on addressing vulnerabilities. This is largely due to the lack of technological skills needed to assess existing and accumulated data protection risks. Often, by necessity, the data protection team is forced to maintain existing processes that are not compliant with the law, as these are considered business-sustaining processes and therefore cannot be easily replaced. An example of this is software testing with real customer data that is either insufficiently anonymised or not anonymised at all. The use of real customer data for software testing is unfortunately still a widespread phenomenon and is due to the fact that the established technologies for anonymising data greatly reduce the quality of the data and thus falsify the test results.

Risk and innovation

When it comes to innovative projects, however, the risk tolerance of privacy managers changes dramatically. The known privacy risks and vulnerabilities of established privacy technologies negatively impact the potential for success of data-driven innovations. This leads to a mass death of innovations that seek to unlock new revenue potential from data or any cross-organisational or cross-sector initiatives that aim to collectively analyse data. Those who suffer are found, for example, in medical research, where important insights could be gained by linking patient data, or in the fight against money laundering and other financial crimes, where better predictive models for fraud prevention could be developed through better sharing of data. The picture painted is bleak:

• Data protection laws are becoming stricter;
• customers have less recourse when data protection is violated;
• the pressure to do more with data is increasing; and
• the tools we have used for years in data protection have many weaknesses and are therefore used in a very limited way.

Is there any hope that the potential of customer data can be realised without violating the privacy of our customers? The answer is a resounding “yes”.

2. Part two follows with data protection technology

A second part will follow shortly on this topic. It will deal with new data protection technologies that aim to bridge the gap between privacy protection and the need of companies to use the data economically.

A CAS for the use of AI in companies

How to exploit the potential of artificial intelligence in your own company is taught in the second edition of the CAS AI for Business from BFH Wirtschaft. The course offers a strongly practice-oriented introduction to Artificial Intelligence (AI) and Machine Learning (ML) for managers without technical knowledge. It supports specialists and managers from business, administration and non-profit organisations in better assessing the potential of AI and communicating effectively with data scientists. More information and registration.

References

1. [1] https://www.enforcementtracker.com
2. [2] https://www.inc.com/justin-bariso/tim-cook-may-have-just-ended-facebook.html
3. [3] CISCO 2022 Data Privacy Benchmarking Study